Lucene search
K

106 matches found

Huntr
Huntr
added 2023/02/28 3:4 a.m.28 views

SQL Injection in 'core/ajax/ajax_data.php'

Description There exists an SQL injection affecting the customerid parameter located in the file core/ajax/ajaxdata.php Let's take a look at the following code: https://github.com/unilogies/bumsys/blob/9dc2de204116297a7e528c38bc3b1e89bf40f907/core/ajax/ajaxdata.phpL537 sql where stockproductid =...

4CVSS7.2AI score0.00751EPSS
Exploits1
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.13 views

Code breaks if first user is not expected user

Lines of code Vulnerability details Code breaks if first user is not expected user Summary Rather than iterate and continue if user is not the expected one, this code breaks all the execution if first user is userId Vulnerability Detail Execution is broke most of the times at first iteration for ...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.7 views

Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer

Lines of code Vulnerability details Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer Summary Some tokens token1, token0, ... are used over the code that can be any kind of ERC20 token. If this token includes fees on transfer, some operations will...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/01/29 12:0 a.m.15 views

Integer Overflow Vulnerability in _addSplittable Function.

Lines of code Vulnerability details Impact splitsStorage.splitsStatesuserId.balancesassetId.splittable += amt; This vulnerability, if exploited, would allow an attacker to add a large amount of funds to a user's splittable balance, causing it to exceed the maximum value that the uint128 type can...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/26 12:0 a.m.7 views

TimeswapV2LiquidityToken: collect() will always revert because it uses the wrong parameters when calling ITimeswapV2Pool.transferFees()

Lines of code Vulnerability details Proof of Concept collect uses the wrong paramenters when calling ITimeswapV2Pool.transferFees. It uses long0Fees, long1Fees, and shortFees instead of param.long0FeesDesired, param.long1FeesDesired, and param.shortFeesDesired. The former 3 are defined in the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/25 12:0 a.m.18 views

Missing Access Controls in Liquidity Position Library

Lines of code Vulnerability details Impact function feesEarnedOf LiquidityPosition memory liquidityPosition, uint256 long0FeeGrowth, uint256 long1FeeGrowth, uint256 shortFeeGrowth internal pure returns uint256 long0Fee, uint256 long1Fee, uint256 shortFee ... function updateLiquidityPosition stora...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.10 views

Pool._amountToBin() returns a wrong value when protocolFeeRatio = 100%.

Lines of code Vulnerability details Impact Pool.amountToBin returns a larger value than it should when protocolFeeRatio = 100%. As a result, bin balances might be calculated wrongly. Proof of Concept delta.deltaInBinInternal is used to update the bin balances like this. if tokenAIn binBalanceA +=...

6.8AI score
Exploits0
OSV
OSV
added 2022/12/05 11:34 p.m.28 views

GHSA-78M5-JPMF-CH7V GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package

Summary Unsafe extracting using shutil.unpackarchive from a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. Details Extracting files using shutil.unpackarchive from a potentially malicious tarball without validating that the destination file path is...

5.8CVSS6.1AI score0.00704EPSS
Exploits1References6
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.11 views

# [KB123-M-1]. return(timestamp / WEEK) * WEEK; is in seconds instead of weeks.

Lines of code Vulnerability details Medium Report KB123-M-1. returntimestamp / WEEK WEEK; is in seconds instead of weeks. Vulnerability details Impact return timestamp / WEEK WEEK; is in seconds Rounded by seconds in 1 week instead of weeks Causing timestamp logic to be broken POC Epoch timestamp...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/07/18 12:0 a.m.15 views

Parent domain owner can steal ownership and clear any fuses for any sub-domain if CANNOT_UNWRAP is not burnt on his own domain

Lines of code Vulnerability details Impact There is a general incorrect logic of burning fuses throughout NameWrapper, which allows parent domain owner to burn subdomain fuses including PARENTCANNOTCONTROL regardless of parent domain's own fuses only subdomain fuses are checked, parent fuses are...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/02 12:0 a.m.6 views

Eth sent to Timelock will be locked in current implementation

Lines of code Vulnerability details Impact Eth sent to Timelock will be locked in current implementation. I came across this problem while playing around with the governance contract. Proof of Concept Setup the governance contracts GovernorBravoDelegate, Timelock Send eth to timelock contract Set...

6.9AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:9 p.m.4 views

Malicious code in code-snippet-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f680de2cbe3d658c28bad18e894dd3fd430e14419dc1cf04f15a54e89f19501d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:9 p.m.5 views

MAL-2022-1969 Malicious code in code-snippet-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f680de2cbe3d658c28bad18e894dd3fd430e14419dc1cf04f15a54e89f19501d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Packet Storm
Packet Storm
added 2022/01/17 12:0 a.m.366 views

Win32.MarsStealer Web Panel Cross Site Scripting

Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/8abb41f6e7010d70c90f65fd9a740faaB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Win32.MarsStealer Web Panel Vulnerability: Unauthenticated Remote Persistent XSS Description: The...

Exploits0
OpenVAS
OpenVAS
added 2021/10/19 12:0 a.m.25 views

Zoom Client < 4.6.12 Multiple Vulnerabilities (Jun 2020)

The Zoom Client is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:zoom:zoom"; ifdescription...

9.8CVSS7.5AI score0.04914EPSS
Exploits2References3
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.9 views

transferNotionalFrom doesn't check from != to

Handle gpersoon Vulnerability details Impact The function transferNotionalFrom of VaultTracker.sol uses temporary variables to store the balances. If the "from" and "to" address are the same then the balance of "from" is overwritten by the balance of "to". This means the balance of "from" and "to...

7AI score
Exploits0
NVD
NVD
added 2021/07/22 5:15 p.m.21 views

CVE-2021-26698

OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet user-generated content when a sharing link is created and the dl parameter is used...

6.1CVSS0.01428EPSS
Exploits2References3
NVD
NVD
added 2021/05/27 9:15 a.m.15 views

CVE-2021-20727

Cross-site scripting vulnerability in Zettlr from 0.20.0 to 1.8.8 allows an attacker to execute an arbitrary script by loading a file or code snippet containing an invalid iframe into Zettlr...

6.1CVSS0.01036EPSS
Exploits0References3
Hacker One
Hacker One
added 2020/12/28 10:56 p.m.200 views

h1-ctf: Hacky Holidays Writeup

On December 12th, 2020, the CTF became live and the scope that we are allowed to attack was In Scope Domain - hackyholidays.h1ctf.com Our main motive was to infiltrate his network and take him down. The challenges appeared one by one till 24th of December. Here we will be going through all the...

6.9AI score
Exploits0
Talos
Talos
added 2020/06/03 12:0 a.m.41 views

Zoom Client Application Chat Code Snippet Remote Code Execution Vulnerability

Summary An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacke...

8.8CVSS8.3AI score0.04264EPSS
Exploits1
Rows per page
Query Builder